
Untitled

a guest
Jun 5th, 2017
  1. <?php
  2.  
  /**
   * Plugin bootstrap: wires siteaccess hooks, page handlers, actions and views.
   *
   * Registered at the bottom of this file for the 'init', 'system' event.
   * Order of the register_* calls is kept as in the original.
   */
  function siteaccess_init()
  {
      global $CONFIG;

      $CONFIG->disable_registration = false;

      // Walled garden: anonymous requests are checked against the allow list
      // before anything else is registered.
      if (siteaccess_walledgarden_enabled() && !isloggedin()) {
          siteaccess_allowed_pages();
      }

      register_plugin_hook('action', 'register', 'siteaccess_register_hook');
      register_plugin_hook('action', 'login', 'siteaccess_login_hook');
      register_plugin_hook('usersettings:save', 'user', 'siteaccess_user_settings_hook', 25);

      // Admin-notification cron period; anything other than the four known
      // values falls back to weekly.
      $period = get_plugin_setting('period', 'siteaccess');
      if (!in_array($period, array('hourly', 'daily', 'weekly', 'monthly'))) {
          $period = 'weekly';
      }
      register_plugin_hook('cron', $period, 'siteaccess_cron_hook');

      // E-mail confirmation links (pg/siteaccess/confirm?u=..&c=..) are served
      // through this page handler.
      register_page_handler('siteaccess', 'siteaccess_page_handler_confirm_email');

      if (isadminloggedin()) {
          // NOTE(review): this registers a second handler under the same
          // 'siteaccess' identifier. If the later registration replaces the
          // earlier one, an admin session no longer reaches the confirm
          // handler above - confirm against the Elgg version in use.
          register_page_handler('siteaccess', 'siteaccess_page_handler');
          extend_view('profile/menu/adminlinks', 'siteaccess/menu/siteaccess_adminlinks');
          // Presumably (public = false, admin_only = true) - verify the
          // register_action() signature of the target Elgg release.
          register_action("siteaccess/activate", false, $CONFIG->pluginspath . "siteaccess/actions/activate.php", true);
          register_action("siteaccess/email/save", false, $CONFIG->pluginspath . "siteaccess/actions/siteaccess/email/save.php", true);
          register_action("siteaccess/email/delete", false, $CONFIG->pluginspath . "siteaccess/actions/siteaccess/email/delete.php", true);
      }

      extend_view('css', 'siteaccess/css');
      // The "siteaccess/confirm" action is intentionally not registered here
      // (it was commented out in the original); only the CAPTCHA code action is.
      register_action("siteaccess/code", true, $CONFIG->pluginspath . "siteaccess/actions/code.php");
      register_elgg_event_handler('validate', 'user', 'siteaccess_validate_user');
      register_elgg_event_handler('create', 'user', 'siteaccess_create_user');
  }
  49.  
  /**
   * Page handler for e-mail confirmation links.
   *
   * Reads the user guid from request parameter 'u' and the confirmation code
   * from 'c', validates the pair and then forwards. Hidden (disabled) entities
   * are made visible for the duration of the lookup and the previous setting
   * is restored before forwarding.
   *
   * @param array $page URL segments passed by the page handler (unused here)
   */
  function siteaccess_page_handler_confirm_email($page) {
      global $CONFIG;

      // Remember the current hidden-entity visibility so it can be restored.
      $previous_hidden_status = access_get_show_hidden_status();
      access_show_hidden_entities(true);

      // The guid is forced to an integer before it is used for the lookup.
      $user_guid = (int)get_input('u');
      $user = get_entity($user_guid);

      $code = sanitise_string(get_input('c'));

      // One generic failure message for every failing case (missing code,
      // unknown guid, wrong code), so the response does not tell them apart.
      $confirmed = ($code) && ($user) && siteaccess_validate_email($user_guid, $code);
      if ($confirmed) {
          system_message(elgg_echo('siteaccess:confirm:success'));
          siteaccess_notify_user($user, 'validated');
      } else {
          register_error(elgg_echo('siteaccess:confirm:fail'));
      }

      access_show_hidden_entities($previous_hidden_status);

      forward();
  }
  79.  
  /**
   * Walled-garden gate for anonymous requests.
   *
   * Rebuilds the requested URL (scheme, host, optional port from wwwroot plus
   * REQUEST_URI without query string or fragment) and allows it only when it
   * is exactly equal to wwwroot followed by an entry of the allow list. The
   * list is the 'accesslist' plugin setting (one entry per line) plus the
   * login action, the two cached CSS/JS endpoints and the site root.
   * Anything else gets an error message and is forwarded to $CONFIG->url.
   */
  function siteaccess_allowed_pages() {
      global $CONFIG;

      $root = parse_url($CONFIG->wwwroot);
      $origin = $root['scheme'] . "://" . $root['host'];
      if (!empty($root['port'])) {
          $origin .= ":" . $root['port'];
      }

      // Drop everything from the first '?' or '#' so only the path is compared.
      $uri = preg_replace('#\?.*|\#.*#', '', $_SERVER['REQUEST_URI']);
      $requested = $origin . $uri;

      $entries = array_merge(
          explode("\n", get_plugin_setting('accesslist', 'siteaccess')),
          array('action/login', '_css/js.php', '_css/css.css', '')
      );

      // Exact string match only: no prefix or wildcard matching is done here.
      $allowed = false;
      foreach ($entries as $entry) {
          if ($requested === $CONFIG->wwwroot . trim($entry)) {
              $allowed = true;
              break;
          }
      }

      $_SESSION['last_forward_from'] = '';
      if ($allowed) {
          return;
      }

      $msg = elgg_echo('siteaccess:walledgarden:allow');
      if (get_plugin_setting('wg_debug', 'siteaccess') == 'yes') {
          // Debug aid: the requested path is appended to the error message.
          // NOTE(review): the path comes from the request; confirm the message
          // view escapes it, and keep wg_debug off outside of setup.
          $uri = ltrim($uri, '/');
          $msg .= "\nRequest URI: $uri (Add this to your access list)\n";
      }
      register_error($msg);
      forward($CONFIG->url);
  }
  114.  
  /**
   * Tells whether registration requires the shared site access key.
   *
   * @return bool true when plugin setting 'usesiteaccesskey' equals "yes"
   */
  function siteaccess_key_enabled()
  {
      return get_plugin_setting('usesiteaccesskey', 'siteaccess') == "yes";
  }
  120.  
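  /**
   * Tells whether the COPPA confirmation checkbox is required at registration.
   *
   * The original returned a value only inside an `if`, so a disabled setting
   * produced NULL instead of false; the result is now always a boolean, like
   * the sibling *_enabled() helpers.
   *
   * @return bool true when plugin setting 'usesiteaccesscoppa' equals "yes"
   */
  function siteaccess_coppa_enabled()
  {
      $enabled = get_plugin_setting('usesiteaccesscoppa', 'siteaccess');
      return ($enabled == "yes") ? true : false;
  }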
  127.  
  /**
   * Tells whether confirming the e-mail address also validates the account.
   *
   * @return bool true when plugin setting 'usesiteaccessemail' equals "yes"
   */
  function siteaccess_email_enabled()
  {
      return get_plugin_setting('usesiteaccessemail', 'siteaccess') == "yes";
  }
  133.  
  /**
   * Tells whether registration requires a valid invite code.
   *
   * @return bool true when plugin setting 'invitecode' equals "yes"
   */
  function siteaccess_invitecode_enabled()
  {
      return get_plugin_setting('invitecode', 'siteaccess') == "yes";
  }
  139.  
  /**
   * Tells whether the walled garden (allow list for anonymous visitors) is on.
   *
   * @return bool true when plugin setting 'walledgarden' equals "yes"
   */
  function siteaccess_walledgarden_enabled()
  {
      return get_plugin_setting('walledgarden', 'siteaccess') == "yes";
  }
  145.  
  /**
   * Tells whether join/activation events are published to the river.
   *
   * @return bool true when plugin setting 'useriver' equals "yes"
   */
  function siteaccess_river_enabled() {
      return get_plugin_setting('useriver', 'siteaccess') == "yes";
  }
  150.  
  /**
   * Cron hook: reminds the configured admin about accounts awaiting validation.
   *
   * Nothing is sent unless the 'notify' setting names a user, at least one
   * user has metadata validated = '0', and that username resolves to a user.
   *
   * @param string $hook        hook name (unused)
   * @param string $entity_type cron period (unused)
   * @param mixed  $returnvalue current hook return value (unused)
   * @param mixed  $params      hook parameters (unused)
   */
  function siteaccess_cron_hook($hook, $entity_type, $returnvalue, $params) {
      global $CONFIG;

      $notify_username = get_plugin_setting('notify', 'siteaccess');
      if (!$notify_username) {
          return;
      }

      $pending = siteaccess_count_users('validated', '0');
      if (!($pending > 0)) {
          return;
      }

      $recipient = get_user_by_username($notify_username);
      if ($recipient) {
          siteaccess_notify_user($recipient, 'notify_admin');
      }
  }
  165.  
  /**
   * Derives the expected CAPTCHA text for a given seed.
   *
   * The value is six characters cut from the decimal rendering of an MD5 over
   * the seed, today's "Month day" string, the site URL and the site secret.
   *
   * Review notes for maintainers:
   *  - For a fixed seed the result does not change until the date string
   *    changes, and siteaccess_validate_captcha() takes the seed from the
   *    request ('random'). A seed/code pair that was solved once therefore
   *    keeps validating for the rest of that day; a server-side, single-use
   *    challenge would close that gap.
   *  - hexdec() of a 32-digit hex string yields a float, so the characters
   *    taken depend on PHP's float-to-string formatting.
   *
   * @param mixed $num seed identifying the challenge
   * @return string expected CAPTCHA text
   */
  function siteaccess_generate_captcha($num) {
      global $CONFIG;

      $today = date("F j");
      $digest = md5($num . $today . $CONFIG->site->url . get_site_secret());

      return substr(hexdec($digest), 4, 6);
  }
  174.  
  /**
   * Checks the submitted CAPTCHA answer.
   *
   * Request parameter 'code' is the visitor's answer and 'random' is the seed
   * the challenge was generated from; the answer must be non-blank and equal
   * to the text regenerated for that seed. On failure an error message is
   * registered.
   *
   * @return bool true when the answer matches
   */
  function siteaccess_validate_captcha() {
      $answer = get_input('code');
      $seed = get_input('random');

      $expected = siteaccess_generate_captcha($seed);

      $matches = (trim($answer) != "") && (strcmp($answer, $expected) == 0);
      if (!$matches) {
          register_error(elgg_echo('siteaccess:code:invalid'));
      }

      return $matches;
  }
  188.  
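  /**
   * Verifies a username/password pair against the stored password hash.
   *
   * Fix over the original: the hashes were compared with `==`, which lets PHP
   * treat two different hex strings of the form "0e<digits>" as equal numbers.
   * The comparison is now type- and byte-exact, and constant-time where
   * hash_equals() is available. Missing array keys no longer raise notices.
   *
   * @param array|null $credentials array with 'username' and 'password'
   * @return ElggUser|false the matching user, or false on any failure
   */
  function siteaccess_auth_userpass($credentials = NULL) {
      if (!is_array($credentials)
          || empty($credentials['username'])
          || empty($credentials['password'])) {
          return false;
      }

      $user = get_user_by_username($credentials['username']);
      if (!$user) {
          return false;
      }

      $stored = (string) $user->password;
      $candidate = (string) generate_user_password($user, $credentials['password']);

      // hash_equals() is only present on newer PHP; fall back to a strict
      // string comparison so older installs still work.
      $matches = function_exists('hash_equals')
          ? hash_equals($stored, $candidate)
          : ($stored === $candidate);

      return $matches ? $user : false;
  }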
  199.  
  /**
   * User-settings hook: an e-mail change clears the "e-mail validated" flag.
   *
   * Compares the submitted 'email' with the address stored on the entity
   * identified by the submitted 'guid'; when they differ, validated_email is
   * set to false so the new address has to be confirmed again.
   *
   * NOTE(review): the guid is taken from the request and no ownership check
   * is visible in this function - confirm that the framework refuses the
   * metadata write when the session user may not edit that entity.
   *
   * @param string $hook        hook name (unused)
   * @param string $entity_type entity type (unused)
   * @param mixed  $returnvalue current hook return value (unused)
   * @param mixed  $params      hook parameters (unused)
   */
  function siteaccess_user_settings_hook($hook, $entity_type, $returnvalue, $params) {
      global $CONFIG;

      $submitted_email = get_input('email');
      $target = get_entity(get_input('guid'));

      if (!$target) {
          return;
      }

      $unchanged = (strcmp($submitted_email, $target->email) == 0);
      if (!$unchanged) {
          $target->validated_email = false;
      }
  }
  213.  
  /**
   * Login action hook.
   *
   * As written, the only effective behaviour is: when the GD extension is
   * loaded, a login name that matches a user's e-mail address is rewritten to
   * that user's username; the hook then always returns true.
   *
   * NOTE(review): the unconditional `return TRUE;` below makes the rest of the
   * GD branch unreachable. The failed-login counter and the CAPTCHA demanded
   * after more than three failures are therefore never applied by this hook.
   * Decide whether that throttle is meant to be active before relying on it.
   *
   * @param string $hook        hook name (unused)
   * @param string $entity_type entity type (unused)
   * @param mixed  $returnvalue current hook return value (unused)
   * @param mixed  $params      hook parameters (unused)
   * @return bool always true in the reachable paths
   */
  function siteaccess_login_hook($hook, $entity_type, $returnvalue, $params) {
      // The e-mail-to-username mapping only happens when GD is available.
      if (extension_loaded("gd")) {

          $username = get_input('username');
          $password = get_input('password');
          $valid = false;

          // Allow logging in with an e-mail address: the first account found
          // for that address supplies the username.
          $email = get_input('username');
          if ($user = get_user_by_email($email)) {
              set_input('username', $user[0]->username);
          }

          return TRUE;


          // ---- unreachable from here to the end of this branch ----
          if (!empty($username) && !empty($password)) {
              if ($user = siteaccess_auth_userpass(array('username' => $username, 'password' => $password))) {
                  $valid = true;
              } else {
                  // Would raise a notice on the first failure: the counter is
                  // never initialised in this function.
                  $_SESSION['login_error_count']++;
              }

              if ($_SESSION['login_error_count'] > 3)
                  // `&&` binds tighter than `=`, so $valid receives the boolean
                  // result of (captcha valid AND $user).
                  if ($valid = siteaccess_validate_captcha() && $user)
                      reset_login_failure_count($user->guid);
          }

          if (!$valid)
              register_error(elgg_echo('loginerror'));
      } else {
          // Without GD no CAPTCHA can be shown, so the hook does not interfere.
          $valid = true;
      }

      return $valid;
  }
  249.  
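  /**
   * Registration action hook: enforces invite code, site key, COPPA and
   * CAPTCHA checks before the core register action runs.
   *
   * Fix over the original: the invite-code test was written as
   * `!$invitecode == generate_invite_code(...)`. `!` is applied first, so a
   * boolean was compared with the expected code and every non-empty invite
   * code passed. The submitted code is now compared to the expected one with
   * a strict string comparison. The site key is compared strictly as well.
   *
   * @param string $hook        hook name (unused)
   * @param string $entity_type entity type (unused)
   * @param mixed  $returnvalue current hook return value (unused)
   * @param mixed  $params      hook parameters (unused)
   * @return false|null false when a check failed, nothing otherwise
   */
  function siteaccess_register_hook($hook, $entity_type, $returnvalue, $params) {
      $error = false;

      if (siteaccess_invitecode_enabled()) {
          $friend_guid = get_input('friend_guid');
          $invitecode = get_input('invitecode');

          // The inviting user must exist and the code must be the one
          // generated for that user's username.
          $friend_user = $friend_guid ? get_user($friend_guid) : false;
          if (!$friend_user
              || !is_string($invitecode)
              || $invitecode !== (string) generate_invite_code($friend_user->username)) {
              $error = true;
          }
      }
      if ($error) {
          register_error(elgg_echo('siteaccess:invitecode:invalid'));
      }

      if (siteaccess_key_enabled()) {
          $sitekey = get_plugin_setting('siteaccesskey', 'siteaccess');
          $inputkey = get_input('siteaccesskey');
          // A blank answer never matches, even if the configured key is blank.
          if (!is_string($inputkey)
              || trim($inputkey) === ""
              || $inputkey !== (string) $sitekey) {
              register_error(elgg_echo('siteaccess:key:invalid'));
              $error = true;
          }
      }

      if (siteaccess_coppa_enabled()) {
          $coppa = get_input('coppa');
          if (!$coppa) {
              register_error(elgg_echo('siteaccess:coppa:fail'));
              $error = true;
          }
      }

      // The CAPTCHA is only enforced when GD is available to render it.
      if (extension_loaded("gd")) {
          if (!siteaccess_validate_captcha()) {
              $error = true;
          }
      }

      if ($error) {
          siteaccess_register_fail();
          // Presumably forward() inside siteaccess_register_fail() ends the
          // request; returning false keeps the action blocked if it does not.
          return false;
      }
  }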
  297.  
  /**
   * Returns the question shown next to the site access key field.
   *
   * @return mixed value of plugin setting 'siteaccesskeyquestion'
   */
  function siteaccess_key_question() {
      $question = get_plugin_setting('siteaccesskeyquestion', 'siteaccess');

      return $question;
  }
  301.  
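  /**
   * Sends a failed registration back to the form with the entered values.
   *
   * Fixes over the original:
   *  - The redirect target was taken from the Referer header without any
   *    check, so a form posted from another site would have been sent back to
   *    that site together with the entered username, e-mail and name. The
   *    target is now used only when it lies under the site's own wwwroot;
   *    otherwise the site root is used.
   *  - friend_guid and invitecode were appended without URL-encoding, which
   *    allowed extra parameters to be smuggled into the redirect URL.
   *  - A missing Referer header no longer raises a notice.
   */
  function siteaccess_register_fail() {
      global $CONFIG;

      $fields = array(
          'u' => get_input('username'),
          'e' => get_input('email'),
          'n' => get_input('name'),
          'friend_guid' => get_input('friend_guid'),
          'invitecode' => get_input('invitecode'),
      );

      $pairs = array();
      foreach ($fields as $key => $value) {
          // Non-scalar input (e.g. an array parameter) is passed on as empty.
          $value = is_scalar($value) ? (string) $value : '';
          $pairs[] = $key . '=' . urlencode($value);
      }

      $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
      $parts = explode('?', $referer);
      $target = $parts[0];

      // Only redirect within this site. Assumes wwwroot ends with '/', so a
      // look-alike host that merely starts with the site's host cannot match
      // - TODO confirm for this installation.
      if ($target === '' || strpos($target, $CONFIG->wwwroot) !== 0) {
          $target = $CONFIG->wwwroot;
      }

      forward($target . '?' . implode('&', $pairs));
  }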
  314.  
  /**
   * Builds the e-mail confirmation code for a user.
   *
   * The code is an MD5 over the user guid, the e-mail address, the site URL
   * and the site secret. No time component is included, so the same code is
   * produced for as long as those four inputs stay the same; confirmation
   * links therefore do not expire by themselves.
   *
   * @param int    $user_guid     guid of the user being confirmed
   * @param string $email_address address the link is sent to
   * @return string 32-character hex code
   */
  function siteaccess_generate_code($user_guid, $email_address) {
      global $CONFIG;

      $material = $user_guid . $email_address . $CONFIG->site->url . get_site_secret();

      return md5($material);
  }
  320.  
  /**
   * Handler for the 'validate', 'user' event.
   *
   * With 'autoactivate' set to 'yes' the account is marked validated at once.
   * If the e-mail address is not confirmed yet, a confirmation mail is sent;
   * otherwise an "awaiting authorization" error is registered and false is
   * returned.
   *
   * @param string $event       event name (unused)
   * @param string $object_type object type (unused)
   * @param mixed  $object      the user the event was raised for
   * @return false|null false when the e-mail is already confirmed
   */
  function siteaccess_validate_user($event, $object_type, $object) {
      if (!$object || !($object instanceof ElggUser)) {
          return;
      }

      if (get_plugin_setting('autoactivate', 'siteaccess') == 'yes') {
          set_user_validation_status($object->guid, true, 'auto');
      }

      if ($object->validated_email) {
          register_error(elgg_echo('siteaccess:authorize'));
          return false;
      }

      siteaccess_email_validation($object->guid);
  }
  338.  
  /**
   * Handler for the 'create', 'user' event.
   *
   * Marks the new account as not validated (both flags false), records the
   * inviting user when the submitted 'friend_guid' resolves to a user, and
   * publishes a 'join' river item.
   *
   * NOTE(review): friend_guid comes straight from the request; it is stored
   * as invited_by_guid whenever it resolves to a user, independent of whether
   * invite codes are enabled - confirm that is intended.
   *
   * @param string $event       event name (unused)
   * @param string $object_type object type (unused)
   * @param mixed  $object      the user that was created
   */
  function siteaccess_create_user($event, $object_type, $object) {
      if (!$object || !($object instanceof ElggUser)) {
          return;
      }

      $new_guid = $object->guid;

      // Both flags start out false; they are flipped by the confirmation and
      // activation paths elsewhere in the plugin.
      create_metadata($new_guid, 'validated_email', false, '', 0, ACCESS_PUBLIC);
      create_metadata($new_guid, 'validated', false, '', 0, ACCESS_PUBLIC);

      $inviter = get_user(get_input('friend_guid'));
      if ($inviter) {
          create_metadata($object->guid, 'invited_by_guid', $inviter->guid, '', 0, ACCESS_PUBLIC);
      }

      siteaccess_add_to_river($object, 'join');
  }
  354.  
  355.  
  /**
   * Sends the e-mail confirmation message to a user.
   *
   * @param int $user_guid guid of the user to notify
   * @return mixed result of the notification, or false when the guid does not
   *               resolve to an ElggUser
   */
  function siteaccess_email_validation($user_guid) {
      global $CONFIG;

      $recipient = get_entity($user_guid);
      if (!$recipient || !($recipient instanceof ElggUser)) {
          return false;
      }

      $sent = siteaccess_notify_user($recipient, 'confirm');
      if ($sent) {
          // Tell the visitor to check their inbox.
          system_message(elgg_echo('siteaccess:confirm:email'));
      }

      return $sent;
  }
  375.  
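  /**
   * Confirms a user's e-mail address from a confirmation code.
   *
   * On a match the user is enabled and validated_email is set to true; when
   * e-mail validation is the configured activation method the account is also
   * marked validated and an 'activate' river item is added.
   *
   * Fixes over the original:
   *  - The code was compared with `==`, so two different hex strings of the
   *    form "0e<digits>" (or "0") could compare as equal numbers. The
   *    comparison is now exact, and constant-time where hash_equals() exists.
   *  - A guid that does not resolve to a user returns false instead of
   *    dereferencing a non-object.
   *
   * @param int    $user_guid guid of the user being confirmed
   * @param string $code      code taken from the confirmation link
   * @return bool true when the code matched and the address was confirmed
   */
  function siteaccess_validate_email($user_guid, $code){
      $user = get_entity($user_guid);
      if (!($user instanceof ElggUser) || !is_string($code) || $code === '') {
          return false;
      }

      $expected = (string) siteaccess_generate_code($user_guid, $user->email);
      $valid = function_exists('hash_equals')
          ? hash_equals($expected, $code)
          : ($expected === $code);

      if ($valid) {
          $user->enable();
          create_metadata($user_guid, 'validated_email', true, '', 0, ACCESS_PUBLIC);
          if (siteaccess_email_enabled()) {
              set_user_validation_status($user_guid, true, 'email');
              siteaccess_add_to_river($user, 'activate');
          }
      }

      return $valid;
  }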
  390.  
  /**
   * Page-setup handler: adds the siteaccess entry to the admin submenu.
   *
   * The item is added only in the 'admin' context and only for a logged-in
   * administrator.
   */
  function siteaccess_pagesetup()
  {
      global $CONFIG;

      $in_admin_area = (get_context() == 'admin');
      if ($in_admin_area && isadminloggedin()) {
          $label = elgg_echo('siteaccess:admin:menu');
          add_submenu_item($label, $CONFIG->wwwroot . 'pg/siteaccess/activate');
      }
  }
  399.  
  /**
   * Admin page handler for pg/siteaccess/...
   *
   * Copies the first URL segment into input 'show' and, when a first segment
   * is present, the second one into 'friend_username', then renders the
   * plugin's index page. The include path is built from the configured
   * plugins path and a fixed file name, not from the URL segments.
   *
   * @param array $page URL segments after the handler name
   */
  function siteaccess_page_handler($page)
  {
      global $CONFIG;

      $has_section = isset($page[0]);
      if ($has_section) {
          set_input('show', $page[0]);
      }
      if ($has_section && isset($page[1])) {
          set_input('friend_username', $page[1]);
      }

      include($CONFIG->pluginspath . 'siteaccess/index.php');
  }
  413.  
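  /**
   * Counts users carrying a given metadata name/value pair, including
   * disabled (hidden) accounts.
   *
   * Fix over the original: $count was only assigned inside the isset() check,
   * so a NULL argument returned an undefined variable; it now starts at 0.
   *
   * @param string $meta_name  metadata name to match
   * @param string $meta_value metadata value to match
   * @return mixed the count reported by the metadata query, 0 when an
   *               argument is NULL
   */
  function siteaccess_count_users($meta_name, $meta_value) {
      $count = 0;

      // Disabled accounts must be visible to the query; the previous setting
      // is restored afterwards.
      $access_status = access_get_show_hidden_status();
      access_show_hidden_entities(true);

      if (isset($meta_name) && isset($meta_value)) {
          $count = elgg_get_entities_from_metadata(array(
              'metadata_name' => $meta_name,
              'metadata_value' => $meta_value,
              'types' => 'user',
              'subtypes' => '',
              'owner_guid' => 0,
              'limit' => 0,
              'offset' => 0,
              'count' => TRUE,
          ));
      }

      access_show_hidden_entities($access_status);
      return $count;
  }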
  426.  
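  /**
   * Lists users carrying a given metadata name/value pair, including disabled
   * (hidden) accounts.
   *
   * Fix over the original: $entities was only assigned inside the isset()
   * check, so a NULL argument returned an undefined variable; it now starts
   * as an empty array.
   *
   * @param string $meta_name  metadata name to match
   * @param string $meta_value metadata value to match
   * @param int    $limit      maximum number of users to return
   * @param int    $offset     number of users to skip
   * @return mixed result of the metadata query, empty array when an argument
   *               is NULL
   */
  function siteaccess_users($meta_name, $meta_value, $limit = 10, $offset = 0)
  {
      $entities = array();

      // Disabled accounts must be visible to the query; the previous setting
      // is restored afterwards.
      $access_status = access_get_show_hidden_status();
      access_show_hidden_entities(true);

      if (isset($meta_name) && isset($meta_value)) {
          $entities = elgg_get_entities_from_metadata(array(
              'metadata_name' => $meta_name,
              'metadata_value' => $meta_value,
              'types' => 'user',
              'subtypes' => '',
              'owner_guid' => 0,
              'limit' => $limit,
              'offset' => $offset,
              'count' => FALSE,
          ));
      }

      access_show_hidden_entities($access_status);
      return $entities;
  }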
  440.  
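  /**
   * Fills the placeholders of an e-mail template for a user.
   *
   * Supported placeholders: %site_name%, %site_url%, %username%, %name%,
   * %confirm_url% and %admin_url%.
   *
   * Fix over the original: the values were passed to preg_replace() as
   * replacement strings, where sequences such as "$0" or "\1" are treated as
   * back-references. A display name containing such a sequence was therefore
   * altered in the outgoing mail. The placeholders are literal text, so plain
   * str_replace() is used and values are inserted unchanged.
   *
   * @param mixed  $user the user the message is about
   * @param string $str  template text
   * @return string|false the filled template, or false when $user is not an
   *                      ElggUser
   */
  function siteaccess_parser($user, $str) {
      global $CONFIG;

      if (!$user || !($user instanceof ElggUser)) {
          return false;
      }

      $confirm_url = $CONFIG->wwwroot . "pg/siteaccess/confirm?u=$user->guid&c="
          . siteaccess_generate_code($user->guid, $user->email);
      $admin_url = $CONFIG->wwwroot . 'pg/siteaccess/activate';

      $placeholders = array('%site_name%', '%site_url%', '%username%', '%name%', '%confirm_url%', '%admin_url%');
      $values = array($CONFIG->site->name, $CONFIG->site->url, $user->username, $user->name, $confirm_url, $admin_url);

      return str_replace($placeholders, $values, $str);
  }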
  458.  
  /**
   * Publishes a siteaccess river item for a user, when the river is enabled.
   *
   * Known types are 'join', 'activate' and 'admin'; any other type is ignored.
   * The user is both subject and object of the item.
   *
   * @param ElggUser $user user the item is about
   * @param string   $type one of 'join', 'activate', 'admin'
   */
  function siteaccess_add_to_river($user, $type) {
      if (!siteaccess_river_enabled()) {
          return;
      }

      if ($type == 'join') {
          add_to_river('river/siteaccess/join', 'join', $user->guid, $user->guid);
      } elseif ($type == 'activate') {
          add_to_river('river/siteaccess/activate', 'activate', $user->guid, $user->guid);
      } elseif ($type == 'admin') {
          add_to_river('river/siteaccess/admin', 'admin', $user->guid, $user->guid);
      }
  }
  474.  
  /**
   * Sends one of the plugin's e-mail templates to a user.
   *
   * The template is looked up by type, its title and description are filled
   * in for the user, and the message is sent by e-mail with the site as the
   * sender.
   *
   * @param mixed  $user recipient
   * @param string $type template type understood by siteaccess_get_email()
   * @return mixed result of notify_user(), or false when $user is not an
   *               ElggUser or no template is available
   */
  function siteaccess_notify_user($user, $type) {
      global $CONFIG;

      if (!$user || !($user instanceof ElggUser)) {
          return false;
      }

      $template = siteaccess_get_email($type);
      if (!$template) {
          return false;
      }

      $subject = siteaccess_parser($user, $template->title);
      $body = siteaccess_parser($user, $template->description);

      return notify_user($user->guid, $CONFIG->site->guid, $subject, $body, NULL, 'email');
  }
  492.  
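  /**
   * Builds (without saving) an e-mail template object.
   *
   * Fix over the original: $CONFIG was read without `global $CONFIG;`, so the
   * owner guid was taken from an undefined local variable instead of the site.
   *
   * @param string $subject template subject; passed through sanitise_string()
   * @param string $content template body; stored as given
   * @return ElggObject|false unsaved template, or false when subject or
   *                          content is empty
   */
  function siteaccess_new_email($subject, $content) {
      global $CONFIG;

      $subject = sanitise_string($subject);
      // The body is intentionally not sanitised here (that call was disabled
      // in the original).

      if (!$subject || !$content) {
          return false;
      }

      $email = new ElggObject();
      $email->subtype = 'siteaccess_email';
      $email->owner_guid = $CONFIG->site->guid;
      $email->access_id = ACCESS_PUBLIC;
      $email->title = $subject;
      $email->description = $content;

      return $email;
  }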
  510.  
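  /**
   * Returns the e-mail template object for a notification type.
   *
   * Each type has a plugin setting holding the guid of its stored template.
   * When no stored template can be loaded, a new one is built from the
   * language strings; it is saved (and the setting updated) only while an
   * administrator is logged in, otherwise the unsaved object is returned.
   *
   * Fix over the original: an unknown $type left $setting, $email_guid,
   * $subject, $content and $email undefined. Unknown types now return false
   * directly.
   *
   * @param string $type 'admin_activated', 'confirm', 'validated' or
   *                     'notify_admin'
   * @return ElggObject|false the template, or false when none is available
   */
  function siteaccess_get_email($type) {
      // type => array(plugin setting, subject language key, content language key)
      $templates = array(
          'admin_activated' => array(
              'admin_activated_email',
              'siteaccess:email:adminactivated:subject',
              'siteaccess:email:adminactivated:content',
          ),
          'confirm' => array(
              'confirm_email',
              'siteaccess:email:confirm:subject',
              'siteaccess:email:confirm:content',
          ),
          'validated' => array(
              'validated_email',
              'siteaccess:email:validated:subject',
              'siteaccess:email:validated:content',
          ),
          'notify_admin' => array(
              'notify_admin_email',
              'siteaccess:email:notifyadmin:subject',
              'siteaccess:email:notifyadmin:content',
          ),
      );

      if (!is_string($type) || !isset($templates[$type])) {
          return false;
      }
      list($setting, $subject_key, $content_key) = $templates[$type];

      $email_guid = get_plugin_setting($setting, 'siteaccess');
      $email = $email_guid ? get_entity($email_guid) : false;

      // No stored template (setting empty or entity gone): build the default.
      $update = false;
      if (!$email) {
          $update = true;
          $email = siteaccess_new_email(elgg_echo($subject_key), elgg_echo($content_key));
      }

      // Persist the default only from an admin session.
      if ($update && $email && isadminloggedin()) {
          $email->save();
          set_plugin_setting($setting, $email->guid, 'siteaccess');
      }

      return $email ? $email : false;
  }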
  562.  
  // Hook the plugin into Elgg: siteaccess_init() runs on system init and
  // siteaccess_pagesetup() on page setup.
  register_elgg_event_handler('init','system','siteaccess_init');
  register_elgg_event_handler('pagesetup', 'system', 'siteaccess_pagesetup');
  565. ?>